{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13614,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:31.940459593Z | 42 | PC: 12b77 | Get date 0x12b77: cmp dl, 9 0x12b7a: jne 0x12bb2 0x12b7c: mov ah, 9 0x12b7e: lea dx, word ptr [bp + 0x4f5] 0x12b82: int 0x21 0x12b84: xor ax, ax 0x12b86: mov es, ax 0x12b88: mov dx, 0xaaaa 0x12b8b: mov word ptr es:[0x416], dx 0x12b90: ror dx, 1 0x12b92: mov cx, 0x101 0x12b95: mov ah, 5 0x12b97: int 0x16 0x12b99: mov ah, 0x10 0x12b9b: int 0x16 0x12b9d: int 5 0x12b9f: mov ax, 0xa07 0x12ba2: xor bh, bh 0x12ba4: mov cx, 1 0x12ba7: int 0x10 |
| 2018-12-25T12:38:31.943514283Z | 125 | PC: 12bf3 | UNKNOWN! |
| 2018-12-25T12:38:31.955303661Z | 74 | PC: 12bc8 | Reallocate memory |
| 2018-12-25T12:38:31.956760092Z | 75 | PC: 12bd7 | Execute program |
| 2018-12-25T12:38:31.961578654Z | 76 | PC: 12bdb | Terminate with return code (Return code = '5') |
{"DateBased":true,"Day":9,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13614,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:32.270982266Z | 42 | PC: 12b77 | Get date 0x12b77: cmp dl, 9 0x12b7a: jne 0x12bb2 0x12b7c: mov ah, 9 0x12b7e: lea dx, word ptr [bp + 0x4f5] 0x12b82: int 0x21 0x12b84: xor ax, ax 0x12b86: mov es, ax 0x12b88: mov dx, 0xaaaa 0x12b8b: mov word ptr es:[0x416], dx 0x12b90: ror dx, 1 0x12b92: mov cx, 0x101 0x12b95: mov ah, 5 0x12b97: int 0x16 0x12b99: mov ah, 0x10 0x12b9b: int 0x16 0x12b9d: int 5 0x12b9f: mov ax, 0xa07 0x12ba2: xor bh, bh 0x12ba4: mov cx, 1 0x12ba7: int 0x10 |
| 2018-12-25T12:38:32.274953571Z | 9 | PC: 12b84 | Display string (Could not find end pointer) |